As of 13 February, the specifications were not in evidence at either site. In fact, the Visa site still included a press release from June 1995 announcing that Visa and MasterCard were to cooperatively develop specifications that would be released in September 1995 leading to service in early 1996.
Perhaps anticipating the 1 February announcement, First Virtual Holdings (FVH) announced in late January that it had developed a computer program that could capture credit card numbers from unsuspecting computer users prior to any software encryption and transmit them surreptitiously to a third party via the Internet. FVH [home page] supports Internet electronic commerce through a scheme that avoids cryptography, transmitting a customer's credit card information via a separate telephone call. According to information released by First Virtual, the program is designed to monitor user's keystrokes, recognize sequences that appear to be credit card numbers (based on their known structure and redundancy), and transmit the numbers tracelessly across the Internet. It could be distributed as a virus or Trojan horse. Although FVH acknowledged that the elements of this attack are well known, it claimed that the synthesis of the elements was new.
Although this attack may not seem particularly innovative to Cipher readers, the announcement naturally evoked a flood of e-mail responses from people interested in cryptography generally and from those with competing commercial interests. Cipher readers interested in details from FVH's point of view should visit their web page: http://www.fv.com/ccdanger/. Olin Sibert provides a thoughtful commentary in the Risks forum, Vol. 17, Issue 69 (Feb. 7),(see URL: http://csrc.ncsl.nist.gov/rskforum/risks17.069 which seems not to have found its way into the compendium of e-mail responses available at FVH's site.